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DETAILED ACTION 

1. This action is responsive to communications: application, filed 9/23/2003; 
amendment filed 6/22/2007. 

2. Claims 1-11, 13-14, 26-29 are pending in the case. 

Response to Arguments 

3. Applicant's arguments were fully considered, but found non persuasive. 
Rejection under section 101 

4. Applicant's argument relative to rejection of claim 29 is found non persuasive. 
Claim 29, in its amended form, includes a program code. The program code is a non 
statutory subject matter even upon execution. A conventional computer readable 
medium storing a program code is considered statutory subject matter. The program 
code is not statutory subject matter. The claim also includes a recordable computer 
readable signal bearing medium. Applicant argues their specification at page 9 lines 16- 
20 distinguishes the "readable medium" from the "transmission medium". The 
specification at page 9 lines 16-20 reads: "Examples of computer readable signal bearing 
media include but are not limited to recordable type media such as volatile and non-volatile 
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memory devices, floppy and other removable disks, hard disk drives, magnetic tape, optical disks 
(e.g., CD-ROMs, DVDs, etc.), among others, and transmission type media such as digital and 
analog communication links. " 

The statement cited above not only does not distinguish the "readable medium" from the 
"transmission medium, but also clearly includes the "transmission medium" as a form of 
"readable medium". Therefore, applicants argument is non persuasive. 

Rejection under section 1 02 

5. Applicant argues: "Chan lacks any disclosure of encrypting an SQL statement 
and storing the encrypted SQL statement in an execution log of a database monitor. In 
fact, neither the term "log" nor the term "monitor" is even found in the reference". 
However, Chan teaches what is equivalent of a "log" and a "monitor" as claimed by the 
applicant. Applicant states that a conventional database monitor is a well known 
program used in a database management system to log the execution details of the 
system in an execution log, and is often used to optimize the system and/or the queries 
processed by the system (see applicant's Remarks in page 2). However, applicant's 
claim invention is not directed to a conventional database monitor, as it is not secured. 
Applicant's claim invention is directed to a specialized "monitor" and "log", which is 
created by the method outlined in the claim language. As specified by the claim, the 
"monitor" encrypts the SQL statements, and stores them as an execution log. The 
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process of encrypting the SQL statements and storing the encrypted SQL statements is 
clearly taught by Chan. Calling the device that performs the encryption and storage a 
"monitor", or the stored encrypted SQL statements a "log" does not distinguish the 
invention from the prior art. Note that Chan Fig 3 and associated text teaches a 
"monitor" (the modified DBMS access procedure) and a "log" (stored items 242) as 
claimed by the invention (see also Fig. 5). 

Applicant further argues: "In fact, Chan does not even disclose any encryption mechanism in a 
database server. Rather, clients are required to encrypt SQL statements, while a decryption 
engine in the server is used to decrypt those statements". However, Chan discloses a 
distributed system, which includes performing encryption of SQL statements. As an 
example see system 200 depicted in Chan's Fig. 2, which includes both the server and 
the client. The client part includes item 108, which is a modified database management 
system access procedure. Therefore, Chan teaches encryption of SQL statements in 
his disclosed distributed database system. In addition, it is noteworthy that the claim 
requires encryption of SQL statements (does not have to be performed in a database), 
and storing the encrypted SQL statements in the database. 

With regards to the newly added limitations to claim 1 , applicant argues that there is no 
evidence of conventionality of displaying encrypted data such as encrypted SQL 
statements. However, Examiner has shown that displaying log files is conventional. It is 
also conventional to encrypt logged information to protect them from disclosure. An 



Application/Control Number: 10/671,343 Page 5 

Art Unit: 2132 

example of scenarios where logs are encrypted is a banking or financial organization, 
which encrypt the records (logs) of financial transactions or checks. Another example 
can be found in US Patent No. 6938015, col. 1 lines 55-65. Therefore, it is conventional 
to encrypt logs. If the logs are to be used, they must be displayed and selected for 
decryption. Therefore, it is conventional to display encrypted logs. All the new limitations 
of claim 1 is discussed in the rejections outlined in the following sections. 

With respect to claim 3, as mentioned by the applicant, the claim generally recites a 
method of logging query execution in a database management system. Logging the 
encrypted SQL statement is a form of logging an encrypted query execution, and 
therefore meets the broad requirements of claim 3. 

With regards to limitations of claim 12, as discussed above, it is conventional in the art 
to display the encrypted logs. Therefore applicant's argument that limitations of claim 12 
are non obvious is not persuasive. 

Applicant's additional arguments relative to claims 3-11, and 13-14 and 26-29 is 
substantially the same as arguments discussed in the above, and therefore is found non 
persuasive. 



Claim Rejections - 35 USC § 101 

6. 35 U.S.C. 101 reads as follows: 
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Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

7. Claim 29 rejected as being directed to non-statutory subject matter. Claim 29 
recites a program product that is borne as a computer readable signal bearing medium. 
Broadly construed, a signal bearing medium is merely a digital or electronic signal and 
is intangible. In order for the program product to be statutory under 35 USC 101 , the 
claim as a whole must be concrete, useful, and tangible. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-11, 13-24, 26-29 rejected under 35 U.S.C. 103(a) as being 
unpatentable over Chan (US Patent No. 5,713,018, dated Jan. 27, 1998). 

In reference to claim 1: 

Chan discloses a method of executing a query in a database management system, the 
method comprising: 

Receiving an SQL statement from an application program coupled to the 
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database management system, where the SQL statements are received from a client 
through the clients' DBMS access program. (Column 2, lines 48-67) 

Executing the SQL program. (Column 1 , lines 65-67) 

Encrypting the SQL statement to generate an encrypted representation of the 
SQL statement, where the SQL is encrypted into an encrypted SQL string. (Column 3, 
lines 11-51) 

Logging execution of the SQL statement in a database monitor by storing the 
encrypted representation of the SQL statement in an execution log managed by the 
database monitor (Column 3, lines 50-60) & (Column 4, lines 35-60); 

Chan teaches retrieving the encrypted representation of the SQL statement from 
the execution log, decrypting the encrypted representation of the SQL statement to 
generate an unencrypted representation of the SQL statement (Fig. 4 and associated 
text, particularly col. 4, lines 12 to 37), but Chan does not explicitly mention displaying 
the unencrypted representation of SQL statements. However, displaying the content of 
stored information, especially logs is widely practiced and well known in the art. An 
example of such case is when the system administrator debugging the system looks 
into logs to review the system history. The motivation to display the log information is 
self evident as the logs are stored to track the events in the system. Therefore, it would 
have been obvious to the person skilled in art to display the information logged in the 
system. 
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In reference to claim 2 , 

Chan (Column 3, lines 12-37) discloses the method of claim 1, further Comprising 
encrypting at least one value passed to one of host variable and a parameter marker 
used by the SQL statement, wherein logging execution of the SQL statement further 
comprises storing the encrypted value in the execution log, where the SQL statement is 
the value passed to the host variable, the encrypted SQL string also known as the 
constant string (Column 3, lines 50-55) and the parameter markers which are used for 
the arguments. 

In reference to claim 3: 

Chan discloses a method of logging query execution in a database management 
system, the method comprising, 

Generating an encrypted representation of an execution detail for a query 
executed by the database management system (Column 3, lines 10-37) 

Logging the execution detail for the query in an execution log for the database 
management system by storing the encrypted representation thereof in the execution 
log, 

where the execution detail is logged in a table and stored therein in its encrypted 
representation. (Column 3, lines 50-60) & (Column 4, lines 50-60) 

In reference to claim 4: 

Chan fails to explicitly disclose the method of claim 3, further comprising receiving the 
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query in an unencrypted form from an application program in communication with the 
database management system. 

However, the Examiner takes official notice that receiving an SQL query in unencrypted 
form was well known at the time of the invention. In fact it was the state of the prior art. 
Chan attempts to provide some measure of security in executing SQL statements by a 
DBMS. The prior art comprises transmitting and receiving these commands in 
unencrypted form. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
receive the query in unencrypted form in order to provide the advantage of speeding up 
processing and execution times without the added overhead of implemented security. 

In reference to claim 5: 

Chan fails to explicitly disclose the method of claim 4, wherein generating the encrypted 
representation is performed after communicating the query to the database 
management system. 

Chan instead discloses that the SQL statements are sent and that the encrypted 
versions of these statements are generated. Chan does not explicitly disclose the order 
of these events. 

The Examiner takes official notice that generating the encrypted representation after 
communication the query to the DBMS was well known at the time of invention. 
Often time, a query is announced to a DBMS as a preparatory handshake signal to 
determine if the server is active and waiting. Once the handshake is complete, the 
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encryption may further proceed. It is advantageous to do this because it conserves on 
the computational resources necessary to perform the encryption if the encryption is not 
necessary. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
generate the encrypted representation after communicating the query in order to first 
determine which version of the DB access program the client is using. (Column 2, lines 
60-67) 

In reference to claim 6: 

Chan discloses the method of claim 3, wherein generating the encrypted representation 
is performed prior to communicating the query to the database management system 
(Column 4, lines 40-50); 

And decrypting the execution detail in association with displaying the execution log (see 
response to claim 1 at the last bullet). 

In reference to claim 7: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the execution 
detail comprises a query Statement, where the query statement is the SQL or 
"structured query" statement. 

In reference to claim 8: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the execution 
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detail comprises a value passed to a host variable during execution of the query, where 
the host variable is the encrypted SQL string, and the value passed to the variable is the 
value of the function Encrypt(). 

In reference to claim 9: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the execution 
detail comprises a value passed to a host variable during execution of the query where 
the host variable is the encrypted SQL string, and the value passed to the variable is the 
value of the function Encrypt(). 

In reference to claim 10: 

Chan fails to explicitly disclose the method of claim 3, further comprising logging a 
second execution detail for the query in the execution log in an unencrypted 
representation. 

Chan rather discloses logging the statements in encrypted form in a table. (Column 3, 
lines 50- 60) & (Figure 3) 

It would have been obvious to one of ordinary skill in the art to log an unencrypted 
representation of the string in order to conserve the resources necessary to compute 
the encryption. 

In reference to claim 1 1 : 

Chan discloses the method of claim 10, wherein the second execution detail includes at 
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least one of an access plan and a performance statistic associated with execution of the 
query, where the access plan is the 2nd modified access program used by trusted 
clients. (Column 2, lines 60-67) & (Column 3, line 60 - Column 4, line 5) 

Claim 12 is cancelled by the applicant 

Claim 13 is rejected for the same reasons as claim 26. 

In reference to claim 14: 

Chan (Column 2, line 60- Column 3, line 60) discloses the method of claim 3, further 
comprising determining if database monitoring is enabled in the database management 
system, wherein generating the encrypted representation is performed if it is determined 
that database monitoring is enabled where the database monitoring comprises receiving 
incoming SQL statements, and where the encrypted representation is generated if the 
system of Chan is used. 

In reference to claim 15: 

Chan (Column 3, lines 12-60) discloses the method of claim 3, wherein the query 
comprises an SQL statement. 



In reference to claim 16: 
Chan (Column 2, line 60- 



Column 3, line 60) discloses an method apparatus, 
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comprising: 

At least one processor; (Column 2, lines 40-45) 

A memory within which is stored an execution log; (Column 2, lines 40-60) & 
(Column 3, lines 50-60) • Program code configured to be executed by the at least one 
processor to log query execution in a database management system by generating an 
encrypted representation of an execution detail for a query executed by the database 
management system (Column 3, lines 10-25), and logging the execution detail for the 
query in the execution.log by storing the encrypted representation thereof in the 
execution log. (Column 3, lines 50-60) 

Claim 17 is rejected for the same reasons as claim 4. 

Claim 18 is rejected for the same reasons as claim 5. 

Claim 19 is rejected for the same reasons as claim 6. 

In reference to claim 20: 

Chan (Column 3, lines 50-60) discloses the apparatus of claim 16, wherein the 
execution detail comprises a query statement. 

In reference to claim 21 : 

Chan (Column 10, lines 10-37) disclose the apparatus of claim 16, wherein the 
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execution detail comprises a value passed to a host variable during execution of the 
query, where the host variable is the embedded constant string, and where the value 
passed to it is the value of the function of Encrypt(SQL statement with placeholders) 

In reference to claim 22: 

Chan (Column 3, lines 1-60) & (Column 4, lines 10-35) discloses the apparatus of claim 
16, wherein the execution detail comprises a value passed to a parameter market 
during execution of the query, where the value passed to the parameter markers are the 
arguments. 

Claim 23 is rejected for the same reasons as claim 10. 
Claim 24 is rejected for the same reasons as claim 11. 
Claim 25 is cancelled. 
In reference to claim 26: 

Chan (Column 3, lines 35-50) fails to explicitly disclose the apparatus of claim 25, 
wherein the program code is configured to generate the encrypted representation by 
encrypting the execution detail using a public key, and wherein the program code is 
configured to decrypt the execution detail by decrypting the execution detail using a 
private key paired with the public key. 
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Chan instead discloses encryption with the private key and decryption with the public 
key. 

The examiner takes official notice that public key cryptography was well known to those 
of ordinary skill in the art at the time of invention. Public key cryptography encrypts with 
the public key and decrypts with the private key. The method Chan is advocating is a 
digital signature algorithm which encrypts with a private key and decrypts with the public 
key. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
encrypt the SQL code with the public key and decrypt with the private key in order to 
establish the secrecy such that only the person with the private key would be able to 
read and decipher the query. 

Claim 27 is rejected for the same reasons as claim 14. 
In reference to claim 28: 

Chan (Column 3, lines 50-60) discloses the apparatus of claim 16, wherein the query 
comprises an SQL statement. 

Claim 29 is rejected for the same reasons as claim 16. 



Claim 30 is cancelled. 
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Conclusion 

10. Applicant's amendments necessitated the new ground(s) of rejection presented 
in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

1 1 . Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3739. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system: Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 



Farid Homayounmehr 
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